5 Considerations When Vetting Fintech Partnerships

Fintech collaborations are an increasingly critical component of a bank’s strategy.

So much so that Bank Director launched FinXTech, committed to bridging the gap between financial institutions and financial technology companies. Identifying and establishing the right partner enables banks to remain competitive among peers and non-bank competitors by allowing them to access modern and scalable solutions. With over 10,000 fintechs operating in the U.S. alone, finding and vetting the right solution can seem like an arduous task for banks.

The most successful partnerships are prioritized at the board and executive level. Ideally, each partnership has an owner — one that is senior enough to make decisions that dictate the direction of the partnership. With prioritization and owners in place, banks can consider fintech companies at all stages of maturity as potential partners. While early-stage companies inherently carry more risk, the trade-off often comes in the form of enhanced customization or pricing discounts. These earlier-stage partnerships may require the bank to be more involved during the implementation, compliance or regulatory processes, compared to working with a more-mature company.

There is no one-size-fits-all approach, and it’s important for banks to evaluate potential partners based on their own strategic plan and risk tolerance. When conducting diligence on fintechs of any stage or category, banks should place emphasis on the following aspects of a potential partner:

1. Analyze Business Health. This starts with understanding the fintech’s ability to scale while remaining in viable financial conditions. Banks should evaluate financial statements, internal key performance indicator reports, and information on sources of funding, including major investors.

Banks should also research the company’s competitive environment, strength of its client base and potential expansion plans. This information can help determine the fintech’s capability to sustain operations and satisfy any financial commitments, allowing for a long-term, prosperous partnership. This analysis is even more important in the current economic environment, where fresh capital may be harder to come by.

2. Determine Legal and Compliance. Banks need to assess a fintech’s compliance policies to determine if their partner will be able to comply with the bank’s own legal and regulatory standards. Executives should include quarterly and annual reports, litigation or enforcement action records, and other relevant public materials, such as patents or licenses, in this evaluation.

Banks may also want to consider reviewing the fintech’s relationship with other financial institutions, as well as the firm’s risk management controls and regulatory compliance processes in areas relevant to the operations. This can give bank executives greater insight into the fintech’s familiarity with the regulatory environment and ability to comply with important laws and regulations.

3. Evaluate Data Security. Banks must understand a fintech’s information and security framework and procedures, including how the company plans to leverage customer or other potentially sensitive, proprietary information.

Executives should review the fintech’s policies and procedures, information security control assessments, incident management and response policies, and information security and privacy awareness training materials. In addition, external reports, such as SOC 2 audits, can be key documents to aid in the assessment. This due diligence can help banks understand the fintech’s approach to data security, while upholding the regulator’s expectations.

4. Ask for References. When considering a potential fintech partnership, executives should consult with multiple references. References can provide the bank with insight into the company’s history, conflict resolution, strengths and weakness, renewal plans and more, allowing for a deeper understanding of the fintech’s past and current relationships. If possible, choose the reference you speak with, rather than allowing the fintech to choose.

5. Ensure Cultural Alignment. The fintech’s culture plays an important role in a partnership, which is why on-site visits to see the operations and team in action can help executives with their assessment. Have conversations with the founders about their goals and speak with other members of the team to get a better idea of who you will be working with. Partners should be confident in the people and technology — both will create a mutually successful and meaningful relationship.

Despite the best intentions, not all partnerships are successful. Common mistakes include lack of ownership and strategy, project fatigue, risk aversion and unreasonable expectations. Too often, banks are looking for a silver bullet, but meaningful outcomes take time. Setting expectations and continuing to re-evaluate the success and performance of these partnerships frequently will ensure that both parties are achieving optimal results.

Once banks establish partnerships, they must also nurture the relationship. Again, this is best accomplished by having a dedicated partner owner who is responsible for meeting objectives. As someone who analyzes hundreds of fintechs to determine quality, viability and partner value, I am encouraged by the vast number of technology solutions available to financial institutions today. Keeping a focused, analytical approach to partnering with fintechs will put your bank well on its way to implementing innovative new technology for all stakeholders.

Effective Oversight of Fintech Partnerships

For today’s banks, the shift to digital and embracing financial technology is no longer an option but a requirement in order to compete.

Fintechs enable banks to deploy, originate and service customers more effectively than traditional methods; now, many customers prefer these channels. But banks are often held back from jumping into fintech and digital spaces by what they view as insurmountable hurdles for their risk, compliance and operational teams. They see this shift as requiring multiple new hires and requiring extensive capital and technology resources. In reality, many smaller institutions are wading into these spaces methodically and effectively.

Bank oversight and management must be tailored to the specific products and services and related risks. These opportunities can range in sophistication from relatively simple referral programs between a bank and a fintech firm, which require far less oversight to banking as a service (often called BaaS) which requires extensive oversight.

A bank’s customized third-party oversight program, or TPO, is the cornerstone of a successful fintech partnership from a risk and compliance perspective, and should be accorded appropriate attention and commitment by leadership.

What qualifies as an existing best-in-class TPO program at a traditional community bank may not meet evolving regulatory expectations of a TPO that governs an institution offering core products and services through various fintech and digital partners. Most banks already have the hallmarks of a traditional TPO program, such as reviewing all associated compliance controls of their partner/vendor and monitoring the performance on a recurring basis. But for some banks with more exposure to fintech partners, their TPO need to address other risks prior to onboarding. Common unaccounted-for risks we see at banks embarking on more extensive fintech strategies include:

  • Reviewing and documenting partners’ money transmission processes to ensure they are not acting as unlicensed money transmitters.
  • Reviewing fintech deposit account’s set up procedures.
  • Assessing fintech partner marketing of services and/or products.
  • Ensuring that agreements provide for sufficient partner oversight to satisfy regulators.
  • Procedures to effectively perform required protocols that are required under the Bank Secrecy Act, anti-money laundering and Know Your Customer regulations, and capture information within the bank’s systems of record. If the bank relies on the fintech partner to do so, implementing the assessment and oversight process of the fintech’s program.
  • Assessing the compliance and credit risks associated with fintech partner underwriting criteria such as artificial intelligence, alternative data and machine learning.
  • Assessing the impact of the fintech strategy on the bank’s fair lending program and/or Community Reinvestment Act footprint.
  • The potential risk of unfair, deceptive or abusive acts or practices through the fintech partner’s activities.
  • True lender risks and documenting the institution’s understanding of the regulations surrounding the true lender doctrine.
  • Assessing customer risk profile changes resulting from the expansion of the bank’s services and or products and incorporating these changes into the compliance management system.
  • Revising your overall enterprise risk management program to account for the risks associated with any shift in products and services.

Finally, regulators expect this shift to more fintech partnerships to become the norm rather than the exception. They view it as an opportunity for banks to provide greater access to products and services to the underbanked, unbanked and credit invisible. Over the last couple of years, we have seen a number of resources deployed by bank regulators in this space, including:

  • Regulators creating various offices to address how banks can best utilize data and technology to meet consumer demands while maintaining safety, soundness, and consumer protection. The Federal Deposit Insurance Corp. has built FDITECH, the Office of the Comptroller of the Currency has an Office of Innovation, as does the Federal Reserve Board. The CFPB has aggregated their efforts to deploy sandboxes and issue “No-Action Letters” through its own Innovation Office.
  • The Federal Reserve issued a guide for community banks on conducting due diligence on financial technology firms in August 2021.
  • OCC Acting Comptroller Michael Hsu gave remarks at the Fintech Policy Summit 2021 in November 2021.
  • In November 2021, the OCC issued a release clarifying bank authority to engage in certain cryptocurrency activities, as well as the regulator’s authority to charter national trust banks.

Adopting best practices like the ones we listed above, as well as early communication with regulators, will place your bank in a great position to start successfully working with fintechs to expand and improve your bank’s products and services and compete in today’s market.

The Future of Banking

Open banking is bigger in the United States than it is in Europe, says Lee Wetherington, the senior director of corporate strategy for Jack Henry & Associates, one of the banking industry’s largest technology solution providers. For financial technology companies, that means an unlimited potential to access data, and offer products and services that customers would like or will like in the future.

Wetherington answers three questions in this video:

  • How can fintechs leverage open-banking rails to improve their offerings and reach?
  • What will the banking industry look like in 10 years?
  • Looking beyond 10 years, will there be a banking industry as we know it now?

Use Cases, Best Practices For Working With Fintechs

Bank leadership teams often come under pressure to quickly establish new fintech relationships in response to current market and competitive trends.

The rewards of these increasingly popular collaborations can be substantial, but so can the associated risks. To balance these risks and rewards, bank boards and senior executives should understand the typical use-case scenarios that make such collaborations appealing, as well as the critical success factors that make them work.

Like any partnership, a successful bank-fintech collaboration begins with recognizing that each partner has something the other needs. For fintechs, that “something” is generally access to payment rails and the broader financial system — and in some cases, direct funding and access to a bank’s customer base. For banks, such partnerships can make it possible to implement advanced technological capabilities that would be impractical or cost-prohibitive to develop internally.

At a high level, bank-fintech partnerships generally fall into two broad categories:

1. Customer-facing collaborations. Among the more common use cases in this category are new digital interfaces, such as banking-as-a-service platforms and targeted online offerings such as deposit services, lending or credit products, and personal and commercial financial management tools.

In some collaborations, banks install software developed by fintech to automate or otherwise enhance their interactions with customers. In others, banks allow fintech partners to interact directly with bank customers using their own brand to provide specialized services such as payment processing or peer-to-peer transactions. In all such relationships, banks must be alert to the heightened third-party risks — including reputational risk — that result when a fintech partner is perceived as an extension of the bank. The bank also maintains ultimate accountability for consumer protection, financial crimes compliance and other similar issues that could expose it to significant harm.

2. Infrastructure and operational collaborations. In these partnerships, banks work with fintechs to streamline internal processes, enhance regulatory monitoring or compliance systems, or develop other technical infrastructure to upgrade core platforms or support systems such as customer onboarding tools. In addition to improving operational efficiency and accuracy, such partnerships also can enable banks to expand their product offerings and improve the customer experience.

Although each situation is unique, successful bank-fintech partnerships generally share some important attributes, including:

  • Strategic and cultural alignment. Each organization enters the collaboration for its own reasons, but the partnership’s business plan must support both parties’ strategic objectives. It’s necessary that both parties have a compatible cultural fit and complementary views of how the collaboration will create value and produce positive customer outcomes. They must clearly define the roles and contributions and be willing to engage in significant transparency and data sharing on compatible technology platforms.
  • Operational capacity, resilience and compatibility. Both parties’ back-office systems must have sufficient capacity to handle the increased data capture and data processing demands they will face. Bank systems typically incorporate strict controls; fintech processes often are more flexible. This disparity can present additional risks to the bank, particularly in high-volume transactions. Common shortcomings include inadequate capacity to handle customer inquiries, disputes, error resolution and complaints. As a leading bank’s chief operating officer noted at a recent Bank Director FinXTech event, improper handling of Regulation E errors in a banking-as-a-service relationship is one of the quickest ways to put a bank’s charter at risk.
  • Integrated risk management and compliance. Although the chartered bank in a bank-fintech partnership inevitably carries the larger share of the regulatory compliance risk, both organizations should be deliberate in embedding risk management and compliance considerations into their new workflows and processes. A centralized governance, risk, and compliance platform can be of immense value in this effort. Banks should be particularly vigilant regarding information security, data privacy, consumer protection, financial crimes compliance and dispute or complaints management.

Proceed Cautiously
Banks should guard against rushing into bank-fintech relationships merely to pursue the newest trend or product offering. Rather, boards and senior executives should require that any relationship begins with a clear definition of the specific issues the partnership will address or the strategic objective it will achieve. In addition, as regulators outlined in recent guidance regarding bank and fintech partnerships, the proposed collaboration should be subject to the full range of due diligence controls that would apply to any third-party relationship.

Successful fintech collaborations can help banks expand their product offerings in support of long-term growth objectives and meet customers’ growing expectations for innovative and responsive new services.

5 Key Factors for Fintech Partnerships

As banks explore ways to expand their products and services, many are choosing to partner with fintech companies to enhance their offerings. These partnerships are valuable opportunities for a bank that otherwise would not have the resources to develop the technology or expertise in-house to meet customer demand.

However, banks need to be cautious when partnering with fintech companies — they are subcontracting critical services and functions to a third-party provider. They should “dig in” when assessing their fintech partners to reduce the regulatory, operational and reputational risk exposure to the bank. There are a few things banks should consider to ensure they are partnering with third party that is safe and reputable to provide downstream services to their customers.

1. Look for fintech companies that have strong expertise and experience in complying with applicable banking regulations.

  • Consider the banking regulations that apply to support the product the fintech offers, and ask the provider how they meet these compliance standards.
  • Ask about the fintech’s policies, procedures, training and internal control that satisfy any legal and regulatory requirements.
  • Ensure contract terms clearly define legal and compliance duties, particularly for reporting, data privacy, customer complaints and recordkeeping requirements.

2. Data and cybersecurity should be a top priority.

  • Assess your provider’s information security controls to ensure they meet the bank’s standards.
  • Review the fintech’s policies and procedures to evaluate their incident management and response practices, compliance with applicable privacy laws and regulations and training requirements for staff.

3. Engage with fintechs that have customer focus in mind — even when the bank maintains the direct interaction with its customers.

  • Look for systems and providers that make recommendations for required agreements and disclosures for application use.
  • Select firms that can provide white-labeled services, allowing bank customer to use the product directly.
  • Work with fintechs that are open to tailoring and enhancing the end-user customer experience to further the continuity of the bank/customer relationship.

4. Look for a fintech that employs strong technology professionals who can provide a smooth integration process that allows information to easily flow into the bank’s systems and processes.

  • Using a company that employs talented technology staff can save time and money when solving technology issues or developing operational efficiencies.

5. Make sure your fintech has reliable operations with minimal risk of disruption.

  • Review your provider’s business continuity and disaster recovery plans to make sure there are appropriate incident response measures.
  • Make sure the provider’s service level agreements meet the needs of your banking operations; if you are providing a 24-hour service, make sure your fintech also supports those same hours.
  • Require insurance coverage from your provider, so the bank is covered if a serious incident occurs.

Establishing a relationship with a fintech can provide a bank with a faster go-to-market strategy for new product offerings while delivering a customer experience that would be challenging for a bank to recreate. However, the responsibility of choosing a reputable tech firm should not be taken lightly. By taking some of these factors into consideration, banks can continue to follow sound banking practices while providing a great customer experience and demonstrating a commitment to innovation.